Fix hacking in-app purchase; stuck in the fourth step

As many of us know, Apple has recently had a situation where hackers can get an In-App Purchase for free. Apple recently released this document describing how to fix it, but I'm a little confused by step 4 and would be grateful for any help.

The first steps are to download their .h and .m patch, include it in your project, and link it to the security infrastructure. Ok, ok, got it. Then Apple says:

4. Provide a base64 encoder, a base64 decoder, and the action to perform when validation succeeds.

What exactly do I have to do with the encoders? (The action that needs to be performed when the check succeeds is clear to me.) I see the functions called base64_encode and base64_decode in the class, of course. But what is it asking for? Is it like a special PIN that only I know, to prevent hacking? I'm not sure what to do here. Of course, I understand the general concepts of encoding and decoding, but not the software specifics of how to properly generate them in this situation.

The code that Apple writes if this helps anyone:

    - (NSString *)encodeBase64:(const uint8_t *)input length:(NSInteger)length
    {
    #warning Replace this method.
        return nil;
    }

    - (NSString *)decodeBase64:(NSString *)input length:(NSInteger *)length
    {
    #warning Replace this method.
        return nil;
    }

    #warning Implement this function.
    char* base64_encode(const void* buf, size_t size)
    { return NULL; }

    #warning Implement this function.
    void * base64_decode(const char* s, size_t * data_len)
    { return NULL; }

I also wonder why there are 2 encoding and 2 decoding functions. I get that there is a pair that returns NSString *, but why does the second pair return a char* and a void*? What are these functions expected to return? I really do not understand.

+5
2 answers

It looks like they need a general-purpose base64 encoder. Try the code here:

http://cocoadev.com/wiki/BaseSixtyFour

(disclaimer: I have not tested anything)

Here's a second one that is easier to read: http://cocoawithlove.com/2009/06/base64-encoding-options-on-mac-and.html

0

Please take a look at the solution presented here, posted by an unknown author.

It contains the following code, which I tested and which works for me:

    #import <Foundation/Foundation.h>
    #include <stdlib.h>
    #include <string.h>

    // C helpers, defined at file scope below the two methods.
    char *base64_encode(const void *buf, size_t size);
    void *base64_decode(const char *s, size_t *data_len_ptr);

    // Single base64 character conversion: returns 0..63, or -1 for '=' padding
    static int POS(char c)
    {
        if (c >= 'A' && c <= 'Z') return c - 'A';
        if (c >= 'a' && c <= 'z') return c - 'a' + 26;
        if (c >= '0' && c <= '9') return c - '0' + 52;
        if (c == '+') return 62;
        if (c == '/') return 63;
        if (c == '=') return -1;
        [NSException raise:@"invalid BASE64 encoding" format:@"Invalid BASE64 encoding"];
        return 0;
    }

    // These two methods replace the stubs inside the @implementation.
    - (NSString *)encodeBase64:(const uint8_t *)input length:(NSInteger)length
    {
        char *encoded = base64_encode(input, (size_t)length);
        if (!encoded) return nil;
        NSString *st = [NSString stringWithUTF8String:encoded];
        free(encoded); // base64_encode returns dynamically allocated memory
        return st;
    }

    - (NSString *)decodeBase64:(NSString *)input length:(NSInteger *)length
    {
        size_t retLen;
        uint8_t *retStr = base64_decode([input UTF8String], &retLen);
        if (length) *length = (NSInteger)retLen;
        NSString *st = [[[NSString alloc] initWithBytes:retStr
                                                 length:retLen
                                               encoding:NSUTF8StringEncoding] autorelease];
        free(retStr); // base64_decode returns dynamically allocated memory
        return st;
    }

    char *base64_encode(const void *buf, size_t size)
    {
        static const char base64[] =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

        // Room for 4 output characters per 3 input bytes (rounded up) plus the NUL
        char *str = (char *)malloc((size + 3) * 4 / 3 + 1);
        if (!str) return NULL;
        char *p = str;
        const unsigned char *q = (const unsigned char *)buf;
        size_t i = 0;
        while (i < size) {
            // Pack up to three input bytes into one 24-bit group
            int c = q[i++];
            c *= 256;
            if (i < size) c += q[i];
            i++;
            c *= 256;
            if (i < size) c += q[i];
            i++;
            *p++ = base64[(c & 0x00fc0000) >> 18];
            *p++ = base64[(c & 0x0003f000) >> 12];
            // Pad with '=' when the last group holds fewer than three bytes
            if (i > size + 1) *p++ = '=';
            else *p++ = base64[(c & 0x00000fc0) >> 6];
            if (i > size) *p++ = '=';
            else *p++ = base64[c & 0x0000003f];
        }
        *p = 0;
        return str;
    }

    void *base64_decode(const char *s, size_t *data_len_ptr)
    {
        // Make sure that data_len_ptr is not null (checked before allocating)
        if (!data_len_ptr)
            [NSException raise:@"Invalid input in base64_decode"
                        format:@"Invalid destination for output string length"];

        size_t len = strlen(s);
        if (len % 4)
            [NSException raise:@"Invalid input in base64_decode"
                        format:@"%zu is an invalid length for an input string for BASE64 decoding", len];

        // +1 so that an empty input is never a zero-size allocation
        unsigned char *data = (unsigned char *)malloc(len / 4 * 3 + 1);
        if (!data) return NULL;
        int n[4] = {0, 0, 0, 0}; // defined values for the length computation on empty input
        unsigned char *q = data;
        for (const char *p = s; *p; ) {
            n[0] = POS(*p++);
            n[1] = POS(*p++);
            n[2] = POS(*p++);
            n[3] = POS(*p++);
            // Padding may only fill the last one or two positions of the final group
            if (n[0] == -1 || n[1] == -1 ||
                (n[2] == -1 && n[3] != -1) ||
                (n[3] == -1 && *p)) {
                free(data);
                [NSException raise:@"Invalid input in base64_decode"
                            format:@"Invalid BASE64 encoding"];
            }
            q[0] = (n[0] << 2) + (n[1] >> 4);
            if (n[2] != -1) q[1] = ((n[1] & 15) << 4) + (n[2] >> 2);
            if (n[3] != -1) q[2] = ((n[2] & 3) << 6) + n[3];
            q += 3;
        }
        // Each '=' in the final group means one byte fewer in the output
        *data_len_ptr = q - data - (n[2] == -1) - (n[3] == -1);
        return data;
    }

0

Source: https://habr.com/ru/post/921220/

